Tanvi’s Take: Digital Identity Management in Financial Services needs an Overhaul

Tanvi Lal
Aug 19, 2022


I clearly remember opening my first brokerage account when I was in college. The paperwork was tedious and had to be mailed then. Then, I had to go into a branch to verify my identity. I was a broke college kid without a car and couldn’t afford a cab. This was before ridesharing apps existed; so instead I took a bus, then a train, and finally walked for 20 minutes to get to the branch. The entire process took most of my day. If it hadn’t been for my internship in asset management where I learned how important it was to invest your money, I wouldn’t have bothered.

Now, think about doing that for every single financial account most adults use — a bank, brokerage account, retirement account, HSA, mortgage, loan, etc. That’s what identity management in fintech used to look like. Yikes. Nowadays, banks and financial institutions have improved their KYC and identity verification processes. You can open an account in a few clicks and usually don’t need to verify your identity in person. But this part of fintech is still very much something customers deal with rather than enjoy. 87% of people feel either neutral or dissatisfied with how digital identity is managed by financial institutions. 87%!!! If that stat doesn’t scream opportunity to disrupt I don’t know what does.

In the past customers would just deal with sub-par experiences. But we now have options and will walk away from companies or products that don’t deliver. In fact, 42% of users, and 60% of Gen Zers, abandoned signing up for a new financial account/service because the process was too long or confusing. Younger generations are comfortable switching between financial institutions — 48% of millennials, for example, have accounts with multiple institutions. The average financial institution annually spends $60M on KYC and $58M on onboarding, so losing even a small percentage of customers in these processes can cost millions.

Among many other reasons, this is why neobanks and other fintech products have become so popular. Opening a financial services account has never been quicker or more accessible. Unfortunately, this perk has come with a lot of fraud. Chime isn’t accepted at some rental car companies or hotels. Robinhood, too, has blocked transfers from various neobanks. This does not bode well for customers increasingly concerned about their privacy and how their data is managed. As customers read about fraud in fintech, they will increasingly pause during the KYC process when opening a new account. Already, 36% feel they are being asked for too much data and 50% are concerned their data won’t be stored safely.

Today, there are multiple approaches to this problem, including:

  • Fraud management: companies like Sardine, Alloy, Hummingbird, Comply Advantage, and others help all businesses, including banks and fintechs, catch fraud and stop nefarious financial activity — all in their own ways.
  • Identification verification: companies like Onfido, Authenticate, Veriff, and Berbix provide a nifty facial recognition service that customers can use with an ID picture & a selfie.

However, these solutions don’t solve the issue of identity management. They absolutely solve B2B pain points and make individual experiences verifying identity with businesses better. But customers experience identity verification multiple times in their life. Improving identity management requires an ongoing relationship with customers. It isn’t a one-off thing that happens just when a customer works with a certain business.

Rethinking Identity Management

I recently had the pleasure of speaking with Nate Soffio, founder of Portabl, about all things identity management and how he’s rethinking the space. Nate explained to me that while regulatory bodies like FinCEN and the OCC set regulatory expectations around identity verification & KYC, they can’t actually mandate any processes. That means EVERY financial institution creates its own KYC/identity management process, leading to our current state of silos and prompting customers to constantly reshare their information.

Portabl, and other startups, are radically turning the entire system on its head by creating networks to share identities. The space is heating up — we’re seeing unique product features, distinctly different visions, and nuanced GTMs. Read on to learn more!

Portabl — Ownership Over Your Data

Portabl is a platform giving users access to and control over their digital identity across traditional financial institutions and DeFi. After going through KYC once, customers have a verified financial identity via Portabl that they bring with them. Any bank or fintech they want to open a new financial account with can verify their identity in 2 clicks. Banks and fintechs can in turn configure Portabl’s API with the data they need to validate for successful account creation; and with Portabl’s customer-facing app, customers have constant insight into what information is being shared and the ability to update it in real time as things change (e.g. getting married and changing your name), kind of like an Apple Wallet for sensitive verification information.

Image from Portabl

Portabl’s approach to identity management is unique in its focus on end customers. Businesses can configure Portabl’s API for any specific data they want, but customers will be aware of exactly what data is being shared with which institution. Portabl itself will have limited access to the consumer data and doesn’t plan to sell it as another revenue source.

SoraID & Footprint — Verify Your Identity With Us

Sora ID and Footprint are also rethinking the space, but with a completely different approach.

With SoraID, customers verify their identity through SoraID’s model using government ID numbers & documents and scanning a selfie to confirm it matches your government ID pictures (API docs suggest there’s some form of biometric authentication as well). Then, participating financial institutions have access to these identities and can minimize arduous KYC processes. SoraID aims to be a one-stop shop for all things identity; with the idea being once you’re verified with them, there should be no further data sharing as you open accounts with new financial institutions.

Image from SoraID

Footprint is a tool that holds customers’ private information in an encrypted wallet. Customers re-verify themselves using Face or Touch ID before enabling Footprint to share their information with partner organizations. Footprint aims to be “the last identity form [customers] will ever have to fill out”, citing the application process for rentals as a key pain point they’re trying to solve. They also take on the risk of storing PII data from customers rather than passing that along to companies.

Image from Footprint

Footprint, similar to SoraID, validates customer data before sharing it within their institutions. Interestingly, neither seems to focus on sharing existing KYC information between banks or other institutions; instead, both want to be the platform to verify identity. Footprint’s positioning on their website seems much more business-centric, especially with the added benefit of PII data vaulting. Parallel Markets is also doing something similar to both of these startups, albeit with a more tailored go-to-market per my understanding.

In many ways, these solutions remind me of India’s Aadhaar initiative, which provided a digital identity to all citizens. I’m curious if either startup is working with regulators at all here — and whether creating a biometric digital identity is the place of tech companies or the government. In theory, these solutions sound fantastic — but it will depend heavily on companies building trust with both financial institutions and customers alike while playing nicely with regulators as they inevitably get involved.

Norbloc — Sharing Identity In Partnership with Banks

Norbloc’s CEO, Astyanax Kanakakis, focuses on sharing regulated data to improve the customer experience and compliance of financial institutions. Norbloc’s product is a blockchain network of individual KYC files that are shared between central & local banks. Here, customers input their information and go through KYC with a bank once. Once that’s complete, banks in the network can reuse their KYC file in all future applications. The key difference here is that all banks in the network use the KYC file from any of the banks that approved the customer. Norbloc doesn’t verify identity but rather provides the network & infrastructure for banks to verify and share.

Though Norbloc is based in Europe, their test case in the United Arab Emirates launched in 2020. Their network seems to be helping — allegedly reducing account opening time to minutes vs months, cleaning up and standardizing KYC data, and making compliance management easier. I couldn’t find too much information on their approach besides this summary but am curious to learn more/read any reports they’ll publish on their process.

Norbloc’s solution is the only one I could find today that was done in partnership with banks and regulators. It’s cool to see a solution that combines policy, government, and tech — but I wonder if this approach is feasible globally or just within certain countries.

Identity Management — Looking Forward

Portabl, Sora ID, Footprint, and Norbloc are in early stages. I’m excited to see how things go for them, how they each differentiate, and how they carve out their own competitive advantage. There’s certainly a big enough pie for a few winners. A few other areas I’m thinking about:

  • KYB solutions: how can innovative solutions currently geared toward customer KYC be applied to business accounts in KYB processes? Norbloc’s solution, for example, has been implemented for both customers and businesses. I also wonder if there are sufficient nuances in business type for verticalized solutions.
  • web3 x KYC: blockchain is a fantastic solution for any centralized approach that shares information between multiple parties, but I also wonder how DAOs and NFTs can best be used in this space (e.g. KYC DAO) and, more broadly, what identity management looks like in web3.
  • Other industries: once a strong identity management network is established, there are far-reaching applications — think employee verifications upon hiring, governmental processes, etc.

Thoughts? Comments? I’d love to hear them — please comment or DM!
